* Posts by Cyberspy

20 publicly visible posts • joined 7 Aug 2009

Salesforce sacks two top security engineers for their DEF CON talk


Yes, you misunderstood the story

"Unless I've misunderstood the story, Salesforce owned the code and therefore no employee is allowed disclose or distribute the company's property without permission."

Correct, except when this has been signed off months before.

And, they weren't sacked (so it seems) for actually sharing the code - that will come later. They were sacked for giving the presentation.

The Exec text messaged them 30 mins before the presentation - at a time where their phones were likely already switched off (also remember, this is DEFCON - many people turn their phones off all the time there. It's a good chance you'll be hacked otherwise!), and then used the fact they had given the presentation as an excuse to fire them.

Quite shockingly bad management from a Salesforce Exec - which I predict we will hear more about over the next few weeks, possibly including the sacking of the said Exec.

Microsoft releases free anti-malware for Azure VMs



"Thank god in the FOSS world you do not need this shit ... if there is a flaw, it will be fixed before lunch, get the sources, recompile, done ... "

While that may be possible, most FOSS users can't or wouldn't do this, even for installed apps (how many fixed the OpenSSL bug before a patch was released?).

If the bug is in the kernel, it's even less likely that there is someone on hand with the skills to fix it.

FOSS just means that sufficiently motivated and skilled hackers (and there are lots out there) have another way of researching security holes in software.

EU copyright law: Is the Pirate Party's MEP in FAVOUR of it?


It's a good start

If the Pirate Party want to be taken seriously, they must present policies that stand a chance of being accepted, rather than just saying everything should be free.

While not perfect, this seems a reasonable attempt to achieve this.

Of course, not everyone will agree, but that's the nature of the whole copyright discussion anyway.

Virgin Media blocks 'wankers' from permissible passwords


Why the US spellings?


pedo, pedofilia & pedophile

aren't allowed, but

paedo, paedophilia and paedophile are all OK!

Password manager LastPass goes titsup: Users locked out

Paris Hilton

Password Safe and the 'Paris Angle'

I use Password Safe: http://passwordsafe.sourceforge.net/

It's free, open source, and the file is stored locally on your PC, so it's always available.

Although it's a Windows app, there are Linux and Android ports for those who want them.

I back mine up to an online Subversion repository, so I can access the file wherever I am if necessary, but I keep local copies at work and at home so it's pretty much always available.


Trusting all your passwords to an external hosted service who can obviously access those passwords, and can deny you access to them (even if through accident/incompetence rather than malice)? Why, even Paris wouldn't do that!

Coke? Windows 8 is Microsoft's 'Vista moment'. Again

Paris Hilton

Re: Licenses 'sold'.

If we all had this attitude, we'd still be using the Windows 3

Even Paris knows that (she had to get in here somewhere!)

Take away bad drivers' mobile phones, they still crash their cars


Re: Same goes for speeding

Extra police patrols could catch people in the act of doing something stupid, but what they can't weed out are the drivers who don't concentrate, or who are just crap but appear to be driving OK (not speeding, overtaking recklessly etc) most of the time. Their poor driving only comes to light when something goes wrong, by which time it is too late.

Hence my comment that there is no easy way of weeding these drivers out once they have passed their test - unless we all have to retake our tests every 10 years or so. While that would do a great deal to improve the standards of driving, I can't see it being something that even people who think driving standards are falling would be willing to support in large numbers.

I guess another option would be forward facing cameras and GPS tracking in every car. Now that really is a big brother vision I wouldn't like to contemplate!

Big Brother

Same goes for speeding

It's the same problem with all the speed cameras and calls to make speeding as socially unacceptable as drink driving.

Accidents are caused by inappropriate speed - not just going over the speed limit.

90mph on an empty motorway? Not a problem.

25mph past a school at going-home time? Get the ambulances ready.

People who drive badly do so even when not using a phone and not speeding - and still cause accidents.

Good drivers (probably) don't use the phone in the first place, and get off it, or pull over ASAP. They also drive at speeds appropriate to the road conditions, and within their abilities - even if that means they are above the speed limit.

The problem is, there is no simple way, once the test has been passed, to weed out the morons until after they have caused an accident - so we all have to pay the price with more and more rules that don't actually achieve what they are intended to do.

'Nutjob' serves half-baked Raspberry PI scam


Re: More delays

Just sold an extra one I had on eBay, in an auction for £68 to someone in Kazakhstan. Perhaps it was S B-C himself!

Torvalds bellows: 'The GNOME PEOPLE are in TOTAL DENIAL'


A bit off topic but...

"It's a lesson that MS will soon learn. Don't annoy the user. Every freedom you take from the user, including the freedom to turn your junk off and configure it how they like, leads to dumber and dumber users (and thus attracts only those dumber users). "

"Dear Software-on-my-computer, ... You just need to work. And do what I tell you. And if I tell you to do something, do it (maybe with confirmation if I'm being incredibly dangerous). Not letting me turn off start screens, menus, notifications, sidebars, touch gestures, change hotkeys ... or even just telling me that you "know better" is a prime way to get me to move onto something else."

Some lessons here for Apple as well I think!

I've got my coat & I'm going now ;-)

Verisign admits 2010 hack attack, mum on what was nicked

Black Helicopters

This all begs the question...

...why have they decided to spill the beans now?

If they've kept it secret this long, why not continue that way?

Was there another security leak - this time an employee who was going to go public if they didn't?

Almost entire EU now violating Brussels cookie privacy law

Big Brother

Number 10 is Big Brother

You would have expected government sites to have followed these rules, even if the rest of us are not interested.

http://www.number10.gov.uk/ however has clearly not followed the rules - Google tracking cookies and - shock horror - third-party cookies from YouTube & Facebook, abound.

As they haven't asked permission to set these cookies, it must mean they are 'spying' on us and abusing our privacy, like some Orwellian Big Brother!


Are EU countries embarrassed by this?

The underwhelming response from the rest of the EU suggests that the member countries aren't too keen on this law either. Not surprising really, when it seems to have been written by some unnamed bureaucrat who lives in a hole and has never really used the internet.

Anyway, it seems to have passed into our law but:

* Is it the location of the person/company who owns the web site, or the location of the web server that determines if this law has to be followed?

* Given that there are millions of sites in the UK and Europe, how is it going to be enforced? The cost of litigating against every site who refuses to obey will make Greece's debt look like petty cash.

* As this is a European law, that I can't see being replicated across the world, has anyone considered the costs to EU business from lost customers, or the loss to the EU of businesses who just move abroad?

Yet another example of ridiculous bureaucracy from Europe, that it seems, yet again, we are forced to follow while most EU countries ignore.

Facebook boobs over breastfeeding page... again


@AC - why don't they just

They probably don't have an issue with FB's T's & C's.

All they want is for FB to apply their T's&C's consistently and fairly - something that is obviously not going on here.

The fact is, they want their group to be easily found and accessible, which is what Facebook is for.

@Your Retarded (Surely "You're Retarded", or perhaps I'm missing the joke about someone being retarded - any idea who it could be?)

While FB do have too much of the market, a group of Mums sharing info about breastfeeding and who just want to be found are probably not the sort of activists who also want to make a stand against FB's near monopoly.

'Larry and Sergey's HTML5 balls drained my resources'

Paris Hilton

Get a life

It's a bit of fun which (on my PC) didn't raise CPU usage above 12% for FF, Chrome, Safari or IE 8 (it did look shit in IE though, coz the balls stayed the same size instead of getting bigger).

It made no difference to the CPU while it wasn't being used.

If you don't like it, move on.

If you see it as a bit of fun, showing what HTML5 is capable of, then play with it.

Whatever you do though, quit the moaning

Paris, coz even she wouldn't moan like this!

City Police still using Terror Act to bother photographers

Black Helicopters

Progressive Alliance

All these laws introduced under Labour - one of the self-styled members of the 'Progressive Alliance'.

Where are we all progressing to? A police state it would seem.

Google opens up OAuth to tackle password chores

Paris Hilton

So what's changed?

This is like déjà vu all over again - Microsoft created Wallet/Passport/Live ID for much the same purpose. It's widely used by Microsoft sites, but hasn't really taken off with other sites, probably because other sites don't really trust Microsoft with shared personal data like this.

This system may improve usability (less form filling/less emails to confirm email addresses/less passwords/usernames to remember) but I cannot see how it will address the security concerns outlined in the article. Indeed, it could even make them worse.

The problem is, as the article noted, passwords. This system doesn't remove the need for a password.

If it is possible to work out someone's weak password, then use the same for other accounts, then this system is even worse.

Not only does it guarantee the user name will always be the same as well as the password (currently, usernames can vary from site to site) it also gives you the chance of trying multiple accounts. One of the screen shots in the 'hybrid onboarding' link shows an example site where you have the choice of using the site's native account, or an OpenID or a YahooID or a Google ID or a ClickPass ID. That's up to 5 chances to get the username/password correct, not just one.

Back to the drawing board, Google! Even Paris would see these flaws!

Japanese algorithm 'can tell if you're about to die'


Sounds great until...

someone makes the phone call for the dying person, and the medics take their time because the person who made the call sounded just great!

Twitter sued for patent infringement


@Steven Jones

"In the US patents are effectively granted by default"

This is what I suspected. So, instead of helping inventors make a fair profit from their original idea and so effectively stimulating invention, they just serve to make lawyers and patent trolls a quick buck, and hinder innovation.


How was this patented?

I thought patents were supposed to be 'non-obvious' to an expert in the field.

Sending short messages to people to warn them about something - this is not 'non-obvious'.

Surely an SMS to more than one person also infringes this patent. Pagers have also been used, for example in hospitals, like this (albeit with shorter messages) for years.

This is the problem with the patent system, especially the US one, and its software patents. Describe something vague, and wait until somebody else has a similar idea, then sue them for copying your idea. It really is crap. It's practically impossible to invent any sort of complex system these days, without infringing on someone's patent. If you come up with an idea, by yourself, then you should be allowed to use it, regardless of who else has thought of it before.